| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.openafsServer.roles.fileserver.volserverArgs | Arguments to the davolserver process
|
| services.akkoma.config.":joken".":default_signer" | JWT signing secret
|
| services.healthchecks.settingsFile | Environment variables which are read by healthchecks (local)_settings.py
|
| services.forgejo.database.passwordFile | A file containing the password corresponding to
services.forgejo.database.user.
|
| boot.loader.systemd-boot.memtest86.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| services.bookstack.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.castopod.maxUploadSize | Maximum supported size for a file upload in
|
| services.collectd.validateConfig | Validate the syntax of collectd configuration file at build time
|
| powerManagement.cpuFreqGovernor | Configure the governor used to regulate the frequency of the
available CPUs
|
| services.redmine.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.printing.drivers | CUPS drivers to use
|
| services.silverbullet.envFile | File containing extra environment variables
|
| services.microsocks.authPasswordFile | Path to a file containing the password for authentication.
|
| services.whitebophir.enable | Whether to enable whitebophir, an online collaborative whiteboard server (persistent state will be maintained under /var/lib/whitebophir).
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.prometheus.alertmanager.configText | Alertmanager configuration as YAML text
|
| services.documize.stateDirectoryName | The name of the directory below /var/lib/private
where documize runs in and stores, for example, backups.
|
| services.inadyn.settings.custom.<name>.include | File to include additional settings for this provider from.
|
| services.cachix-agent.credentialsFile | Required file that needs to contain CACHIX_AGENT_TOKEN=...
|
| services.gitlab.secrets.jwsFile | A file containing the secret used to encrypt session
keys
|
| programs.tsmClient.servers.<name>.inclexcl | Text lines with include.* and exclude.* directives
to be used when sending files to the IBM TSM server,
or an absolute path pointing to a file with such lines.
|
| services.gitlab.secrets.dbFile | A file containing the secret used to encrypt variables in
the DB
|
| services.snips-sh.settings | The configuration of snips-sh is done through environment variables,
therefore you must use upper snake case (e.g. SNIPS_HTTP_INTERNAL)
|
| services.misskey.database.passwordFile | The path to a file containing the database password
|
| services.physlock.lockOn.extraTargets | Other targets to lock the screen just before
|
| services.pretix.environmentFile | Environment file to pass secret configuration values
|
| services.schleuder.extraSettingsFile | YAML file to merge into the schleuder config at runtime
|
| services.slurm.dbdserver.storagePassFile | Path to file with database password
|
| services.zwave-js.settings | Configuration settings for the generated config file
|
| services.dex.environmentFile | Environment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) to define variables for dex
|
| hardware.tuxedo-drivers.settings.charging-profile | The maximum charge level to help reduce battery wear:
high_capacity charges to 100% (driver default)balanced charges to 90%stationary charges to 80% (maximum lifespan)
Note: Regardless of the configured charging profile, the operating system will always report the battery as being charged to 100%.
|
| services.libinput.touchpad.accelProfile | Sets the pointer acceleration profile to the given profile
|
| services.reposilite.database.path | Path to the embedded database file
|
| services.plausible.mail.smtp.passwordFile | The path to the file with the password in case SMTP auth is enabled.
|
| services.rsyncd.settings.globalSection | global section of an INI file (attrs of INI atom (null, bool, int, float or string))
|
| services.prosody.httpFileShare.size_limit | Maximum file size, in bytes.
|
| virtualisation.bios | An alternate BIOS (such as qboot) with which to start the VM
|
| services.xserver.windowManager.exwm.loadScript | Emacs lisp code to be run after loading the user's init
file.
|
| services.uwsgi.instance | uWSGI configuration
|
| services.zabbixProxy.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.wyoming.satellite.sounds.done | Path to audio file in WAV format to play when voice command recording has ended.
|
| systemd.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.user.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.user.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.system76-scheduler.settings.cfsProfiles.enable | Tweak CFS latency parameters when going on/off battery
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| networking.resolvconf.extraConfig | Extra configuration to append to resolvconf.conf.
|
| boot.loader.systemd-boot.windows | Make Windows bootable from systemd-boot
|
| services.caddy.settings | Structured configuration for Caddy to generate a Caddy JSON configuration file
|
| services.athens.index.postgres.password | Password for the Postgres database
|
| services.athens.singleFlight.redis.password | Password for the redis server
|
| services.dolibarr.database.passwordFile | Database password file.
|
| services.opencloud.settings | Additional YAML configuration for OpenCloud services
|
| services.peering-manager.peeringdbApiKeyFile | Path to a file containing the PeeringDB API key.
|
| services.pghero.environmentFiles | File to load environment variables from
|
| services.maddy.tls.loader | TLS certificates are obtained by modules called "certificate
loaders"
|
| services.open-webui.environmentFile | Environment file to be passed to the systemd service
|
| virtualisation.xen.qemu.pidFile | Path to the QEMU PID file.
|
| services.mautrix-signal.registerToSynapse | Whether to add the bridge's app service registration file to
services.matrix-synapse.settings.app_service_config_files.
|
| services.writefreely.settings | Writefreely configuration (config.ini)
|
| system.userActivationScripts | A set of shell script fragments that are executed by a systemd user
service when a NixOS system configuration is activated
|
| services.filesender.settings.admin_email | Email address of FileSender administrator(s)
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| hardware.printers.ensurePrinters.*.model | Location of the ppd driver file for the printer.
lpinfo -m shows a list of supported models.
|
| services.cloudlog.database.passwordFile | MySQL user password file.
|
| services.gitlab.initialRootPasswordFile | File containing the initial password of the root account if
this is a new install
|
| networking.wireless.networks | The network definitions to automatically connect to when
wpa_supplicant is running
|
| services.bluemap.webserverSettings | Settings for the webserver.conf file, usually not required.
See upstream docs.
|
| services.gitlab.databasePasswordFile | File containing the GitLab database user password
|
| services.kimai.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.grafana.settings.database.path | Only applicable to sqlite3 database
|
| boot.binfmt.registrations.<name>.mask | A mask to be ANDed with the byte sequence of the file before matching
|
| services.gitlab.secrets.otpFile | A file containing the secret used to encrypt secrets for OTP
tokens
|
| services.meshtasticd.settings | The Meshtastic configuration file
|
| services.matrix-hookshot.settings.passFile | A passkey used to encrypt tokens stored inside the bridge
|
| services.tarsnap.archives.<name>.lowmem | Reduce memory consumption by not caching small files
|
| services.syncplay.permanentRoomsFile | File with list of rooms that will be listed even if the room is empty,
newline delimited
|
| services.jirafeau.nginxConfig.basicAuthFile | Basic Auth password file for a vhost
|
| services.wyoming.satellite.sounds.awake | Path to audio file in WAV format to play when wake word is detected.
|
| services.wg-access-server.secretsFile | yaml file containing all secrets. this needs to be in the same structure as the configuration
|
| virtualisation.oci-containers.containers.<name>.imageFile | Path to an image file to load before running the image
|
| services.nextcloud.settings."profile.enabled" | Makes user-profiles globally available under nextcloud.tld/u/user.name
|
| services.shadowsocks.passwordFile | Password file with a password for connecting clients.
|
| services.minio.rootCredentialsFile | File containing the MINIO_ROOT_USER, default is "minioadmin", and
MINIO_ROOT_PASSWORD (length >= 8), default is "minioadmin"; in the format of
an EnvironmentFile=, as described by systemd.exec(5).
|
| services.thinkfan.sensors.*.query | The query string used to match one or more sensors: can be
a fullpath to the temperature file (single sensor) or a fullpath
to a driver directory (multiple sensors).
When multiple sensors match, the query can be restricted using the
name or indices options.
|
| services.prefect.databasePasswordFile | path to a file containing e.g.:
DBPASSWORD=supersecret
stored outside the nix store, read by systemd as EnvironmentFile.
|
| services.pipewire.extraConfig.client | Additional configuration for the PipeWire client library, used by most applications
|
| services.kubernetes.kubelet.clientCaFile | Kubernetes apiserver CA file for client authentication.
|
| services.vlagent.remoteWrite.maxDiskUsagePerUrl | The maximum file-based buffer size in bytes
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.kubernetes.scheduler.kubeconfig.caFile | Kubernetes scheduler certificate authority file used to connect to kube-apiserver.
|
| services.gerbil.environmentFile | Path to a file containing sensitive environment variables for Gerbil
|
| networking.stevenblack.enable | Whether to enable the stevenblack hosts file blocklist.
|
| services.dawarich.database.passwordFile | A file containing the password corresponding to services.dawarich.database.user.
|
| services.fail2ban.banaction | Default banning action (e.g. iptables, iptables-new, iptables-multiport,
iptables-ipset-proto6-allports, shorewall, etc)
|
| services.botamusique.settings | Your configuration.ini as a Nix attribute set
|
| services.librenms.phpOptions | Options for PHP's php.ini file for librenms
|
| services.pgadmin.initialPasswordFile | Initial password file for the pgAdmin account
|